Corporate Anti-Virus strategies

Ed Hill ed at eh3.com
Fri Aug 15 12:41:38 EDT 2003


Hi Duane,

I think "dsr" has some very good points but perhaps they could use some
explanation for those not familiar with Bugtraq.


On Fri, 2003-08-15 at 11:20, Duane Morin wrote:
> On Fri, 15 Aug 2003 dsr at tao.merseine.nu wrote:
> > Counterargument: Red Hat and Debian, among others, provide single-source
> > fixes.
> 
> Is this valid in general, so for instance if the user was handed a CD with 
> Knoppix or Gentoo on it would they still have a single-source of fixes 
> available to them?  Or is it strictly for the big distributions?


> > Counterargument: 100 small holes vs 1 or 2 large ones? You haven't been
> > reading Bugtraq. 
> 
> Should I be?  Or will I be inundated?  I'm no sysadmin, just a user (and 
> occasional writer).  I don't know what your statement means.  Just to 
> clarify my own terminology by "large" hole I was thinking "Of the sort 
> that makes the evening news."  


Back a few years ago, standard Linux distros such as Red Hat were not
terribly secure.  They tended to turn on lots of services by default and
then required "by hand" admin attention both for the initial setup and
over time as new holes were found.

These days, the Linux situation has changed in two big ways:

  1) By default, most current Linux distributions are quite 
     secure.  Even inexperienced users are able to set up 
     remarkably secure systems due to the "off-or-disabled
     -by-default" nature of most services.  And the default 
     firewalls shipped with major distros are quite capable.

  2) Essentially all updates can be automated so that 
     they require little or no manual attention by trained 
     admins.  Major distros such as Red Hat now include 
     automated update services (e.g. Red Hat's "up2date") 
     that will, on a regular (often nightly) basis, download 
     and apply security fixes.


Security pros will often be heard repeating the famous "security is not
a destination but a process" idea.  Since bugs and holes will continue
to be discovered in all products (including those from Microsoft and
from the Free/Open-Source worlds) the automated updates approach of the
major Linux vendors is certainly a good idea.

Ed

-- 
Edward H. Hill III, PhD
office:  MIT Dept. of EAPS;  Room 54-1424;  77 Massachusetts Ave.
            Cambridge, MA 02139-4307
email:   eh3 at mit.edu,  ed at eh3.com
URL:     http://web.mit.edu/eh3/
phone:   617-253-0098
fax:     617-253-4464